Experts uncover vulnerability affecting Xen virtualization platform

A recent security bulletin from the U.S. Computer Emergency Readiness Team (US-CERT) informed the IT community of a potentially serious vulnerability that may affect a number of popular virtualization products. If the flaw is exploited, attackers could gain administrator privileges at the hypervisor level to inject code or access accounts.

"Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack," US-CERT officials stated. "The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape."

According to the bulletin, Intel, Microsoft, Red Hat, SUSE Linux, Xen and NetBSD were among those affected by and notified of the vulnerability. As officials from Xen noted, "all systems running 64-bit hypervisor running 64-bit [para-virtualized] guests on Intel CPUs are vulnerable to this issue."

Xen and its associated vendors have since released updated code that fixes the vulnerability, but a number of IT teams remain anxious about the damage that could have been done while the flaw went undetected.

"An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode," Microsoft officials explained. "An attacker could then install programs; view, change or delete data or create new accounts with full administrative rights."

Microsoft security experts did note that attackers would have needed valid local login credentials, which rules out remote or anonymous exploitation. Nevertheless, news of another "escape-to-hypervisor" vulnerability has reignited some virtualization security fears.

According to InformationWeek's Matthew Schwartz, nearly one-third of all virtualization bugs confirmed in 2010 were found at the hypervisor level. A vulnerability of this kind in a major platform such as Xen suggests that such issues continue to pose challenges for the industry. What's more, the damage attackers can do by targeting such weaknesses suggests that they will likely maintain their focus on this area for some time.

"Since virtualized environments run multiple instances of operating systems, an attacker that escaped from any one of those instances and gained administrative-level rights could then access any other virtualized environment running on the same server," Schwartz wrote.

Affected vendors have notified their customers of any issues and provided resolution guidelines over the past few days. But this latest vulnerability is another reminder of both the importance and the difficulty of securing virtual environments.